Log bestanden bewaken
Wanneer je problemen ondervindt in jouw Linux desktop, server of welke applicatie dan ook, kijk je eerst in de afzonderlijke logbestanden. De logbestanden zijn meestal een stroom van tekstregels en berichten van applicaties met een tijdstempel. Het helpt je om specifieke gevallen te beperken en stelt je in staat om de oorzaak van een probleem te vinden. Het kan ook helpen om hulp te krijgen van het web.
Meestal staan alle logbestanden in de map /var/log. Deze map bevat logbestanden met de extensie .log voor specifieke toepassingen en diensten, en bevat ook submappen die hun logbestanden bevatten.
dany@pindabook:~> ls /var/log/
acpid chrony private
alternatives.log cups samba
apache2 firewall tallylog
apparmor firewalld tuned
audit krb5 updateTestcase-2022-06-11-15-39-01
boot.log lastlog warn
boot.log-20220829.xz mail wpa_supplicant.log
boot.log-20220904.xz mail.err wtmp
boot.log-20220911.xz mail.info Xorg.0.log
boot.log-20220917.xz mail.warn Xorg.0.log.old
boot.log-20221023.xz messages YaST2
boot.log-20221121.xz messages-20221225.xz zypp
boot.log-20221225.xz mysql zypper.log
boot.msg NetworkManager zypper.log-20221023.xz
boot.omsg pbl.log
btmp pk_backend_zypp
Logbestanden bewaken met tail
De tail opdracht is de meest elementaire manier om een logbestand in real time te volgen. Vooral als je op een server werkt met alleen een terminal en geen grafische omgeving (GUI).
dany@pindabook:~> sudo tail -f /var/log/messages
[sudo] wachtwoord voor root:
2023-02-17T13:50:51.364076+01:00 pindabook kernel: [ 161.973113][ T347] ata1.00: LPM support broken, forcing max_power
2023-02-17T13:50:51.364077+01:00 pindabook kernel: [ 161.973244][ T347] ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES) succeeded
2023-02-17T13:50:51.364078+01:00 pindabook kernel: [ 161.973249][ T347] ata1.00: ACPI cmd f5/00:00:00:00:00:a0 (SECURITY FREEZE LOCK) filtered out
2023-02-17T13:50:51.364088+01:00 pindabook kernel: [ 161.973284][ T347] ata1.00: ACPI cmd ef/10:09:00:00:00:a0 (SET FEATURES) succeeded
2023-02-17T13:50:51.364089+01:00 pindabook kernel: [ 161.973426][ T347] ata1.00: supports DRM functions and may not be fully accessible
2023-02-17T13:50:51.364091+01:00 pindabook kernel: [ 161.973500][ T347] ata1.00: NCQ Send/Recv Log not supported
2023-02-17T13:50:51.364092+01:00 pindabook kernel: [ 161.973704][ T347] ata1.00: configured for UDMA/133
2023-02-17T13:50:51.376054+01:00 pindabook kernel: [ 161.983816][ T44] sd 0:0:0:0: [sda] Starting disk
2023-02-17T13:50:56.529467+01:00 pindabook sudo: dany : TTY=pts/1 ; PWD=/home/dany ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/messages
2023-02-17T13:50:56.531549+01:00 pindabook sudo: pam_unix(sudo:session): session opened for user root by dany(uid=1000)
^C
We gebruiken de optie -f om het logbestand te volgen, dat in real-time wordt bijgewerkt.
Je stopt het volgen (tail opdracht) met de toetscombinatie Ctrl+c.
Zonder de -f optie krijg je enkel de laatste 10 regels van het logbestand te zien en wordt de opdracht afgebroken.
Je kunt meerdere logbestanden met één enkele opdracht volgen met
dany@pindabook:~> sudo tail -f /var/log/messages /var/log/warn
[sudo] wachtwoord voor root:
==> /var/log/messages <==
2023-02-17T13:57:57.344073+01:00 pindabook kernel: [ 587.948583][ T347] ata1.00: LPM support broken, forcing max_power
2023-02-17T13:57:57.344111+01:00 pindabook kernel: [ 587.948713][ T347] ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES) succeeded
2023-02-17T13:57:57.344114+01:00 pindabook kernel: [ 587.948718][ T347] ata1.00: ACPI cmd f5/00:00:00:00:00:a0 (SECURITY FREEZE LOCK) filtered out
2023-02-17T13:57:57.344115+01:00 pindabook kernel: [ 587.948743][ T347] ata1.00: ACPI cmd ef/10:09:00:00:00:a0 (SET FEATURES) succeeded
2023-02-17T13:57:57.344117+01:00 pindabook kernel: [ 587.948867][ T347] ata1.00: supports DRM functions and may not be fully accessible
2023-02-17T13:57:57.344119+01:00 pindabook kernel: [ 587.948980][ T347] ata1.00: NCQ Send/Recv Log not supported
2023-02-17T13:57:57.348027+01:00 pindabook kernel: [ 587.949214][ T347] ata1.00: configured for UDMA/133
2023-02-17T13:57:57.356035+01:00 pindabook kernel: [ 587.959368][ T2174] sd 0:0:0:0: [sda] Starting disk
2023-02-17T13:58:27.813420+01:00 pindabook sudo: dany : TTY=pts/1 ; PWD=/home/dany ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/messages /var/log/warn
2023-02-17T13:58:27.815172+01:00 pindabook sudo: pam_unix(sudo:session): session opened for user root by dany(uid=1000)
==> /var/log/warn <==
2023-02-17T13:57:25.344071+01:00 pindabook kernel: [ 555.948612][ T347] ata1.00: NCQ Send/Recv Log not supported
2023-02-17T13:57:25.344071+01:00 pindabook kernel: [ 555.949044][ T347] ata1.00: LPM support broken, forcing max_power
2023-02-17T13:57:25.344080+01:00 pindabook kernel: [ 555.949333][ T347] ata1.00: supports DRM functions and may not be fully accessible
2023-02-17T13:57:25.348059+01:00 pindabook kernel: [ 555.949433][ T347] ata1.00: NCQ Send/Recv Log not supported
2023-02-17T13:57:57.344052+01:00 pindabook kernel: [ 587.947205][ T347] ata1.00: LPM support broken, forcing max_power
2023-02-17T13:57:57.344069+01:00 pindabook kernel: [ 587.947899][ T347] ata1.00: supports DRM functions and may not be fully accessible
2023-02-17T13:57:57.344072+01:00 pindabook kernel: [ 587.948146][ T347] ata1.00: NCQ Send/Recv Log not supported
2023-02-17T13:57:57.344073+01:00 pindabook kernel: [ 587.948583][ T347] ata1.00: LPM support broken, forcing max_power
2023-02-17T13:57:57.344117+01:00 pindabook kernel: [ 587.948867][ T347] ata1.00: supports DRM functions and may not be fully accessible
2023-02-17T13:57:57.344119+01:00 pindabook kernel: [ 587.948980][ T347] ata1.00: NCQ Send/Recv Log not supported
^C
Als je een HTTP of sftp of een andere server wilt bewaken, kun je hun respectieve logbestanden met deze opdracht gebruiken.
Logbestanden bewaken met de Logfile Navigator
De Logfile Navigator (lnav) is een uitstekend hulpprogramma dat je kunt gebruiken om logbestanden op een meer gestructureerde manier met kleurgecodeerde berichten te controleren. Dit is niet standaard geïnstalleerd in Linux-systemen. Je kunt het installeren met de onderstaande opdracht:
dany@pindabook:~> sudo zypper install lnav
[sudo] wachtwoord voor root:
Ophalen van metagegevens uit opslagruimte 'Update repository of openSUSE Backports' ...........................................[gereed]
Cache van opslagruimte 'Update repository of openSUSE Backports' wordt gebouwd ................................................[gereed]
Ophalen van metagegevens uit opslagruimte 'Update repository with updates from SUSE Linux Enterprise 15' ......................[gereed]
Cache van opslagruimte 'Update repository with updates from SUSE Linux Enterprise 15' wordt gebouwd ...........................[gereed]
Ophalen van metagegevens uit opslagruimte 'Opslagruimte voor bijwerken (niet-Oss)' ............................................[gereed]
Cache van opslagruimte 'Opslagruimte voor bijwerken (niet-Oss)' wordt gebouwd .................................................[gereed]
Gegevens van opslagruimte laden...
Lezen van geïnstalleerde pakketten...
Pakketafhankelijkheden oplossen...
De volgende 2 NIEUWE pakketten zullen worden geïnstalleerd:
libpcrecpp0 lnav
2 nieuwe te installeren pakketten.
Totale downloadgrootte: 834,1 KiB. Reeds in de cache: 0 B. Na de bewerking zal aanvullend 2,7 MiB worden gebruikt.
Doorgaan? [j/n/v/...? alle opties tonen] (j):
pakket libpcrecpp0-8.45-150000.20.13.1.x86_64 wordt opgehaald (1/2), 28,6 KiB ( 38,6 KiB uitgepakt)
Ophalen: libpcrecpp0-8.45-150000.20.13.1.x86_64.rpm ...............................................................[gereed (1,2 KiB/s)]
pakket lnav-0.8.5-bp154.1.38.x86_64 wordt opgehaald (2/2), 805,5 KiB ( 2,7 MiB uitgepakt)
Ophalen: lnav-0.8.5-bp154.1.38.x86_64.rpm .......................................................................[gereed (326,9 KiB/s)]
Controleren op conflicten tussen bestanden: ...................................................................................[gereed]
(1/2) Installeren van: libpcrecpp0-8.45-150000.20.13.1.x86_64 .................................................................[gereed]
(2/2) Installeren van: lnav-0.8.5-bp154.1.38.x86_64 ...........................................................................[gereed]
Als je lnav niet wilt installeren, kan je het voorgecompileerde uitvoerbare bestand downloaden en overal uitvoeren, zelfs vanaf een USB-stick. Er is geen installatie nodig, en het zit boordevol functies. Met lnav kun je de logbestanden bevragen via SQL, naast andere coole functies die je kunt leren op de officiële website.
Eenmaal geïnstalleerd, kun je lnav draaien vanaf een terminal met root rechten, en het zal standaard alle logs uit /var/log tonen en beginnen te monitoren in real-time.
dany@pindabook:~> sudo lnav
[sudo] wachtwoord voor root:
Logbestanden bewaken met journalctl
Alle moderne Linux-distributies gebruiken tegenwoordig meestal systemd. Systemd biedt een basisraamwerk en componenten die het Linux-besturingssysteem meestal standaard draaien. Systemd biedt journal services via journalctl, die helpt bij het beheren van logs van alle systemd services. Je kunt de respectieve systemd diensten en logs in real-time monitoren met de volgende opdracht.
dany@pindabook:~> sudo journalctl -f
[sudo] wachtwoord voor root:
feb 17 14:18:48 pindabook kernel: ata1.00: LPM support broken, forcing max_power
feb 17 14:18:48 pindabook kernel: ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES) succeeded
feb 17 14:18:48 pindabook kernel: ata1.00: ACPI cmd f5/00:00:00:00:00:a0 (SECURITY FREEZE LOCK) filtered out
feb 17 14:18:48 pindabook kernel: ata1.00: ACPI cmd ef/10:09:00:00:00:a0 (SET FEATURES) succeeded
feb 17 14:18:48 pindabook kernel: ata1.00: supports DRM functions and may not be fully accessible
feb 17 14:18:48 pindabook kernel: ata1.00: NCQ Send/Recv Log not supported
feb 17 14:18:48 pindabook kernel: ata1.00: configured for UDMA/133
feb 17 14:18:48 pindabook kernel: sd 0:0:0:0: [sda] Starting disk
feb 17 14:18:58 pindabook sudo[2313]: dany : TTY=pts/1 ; PWD=/home/dany ; USER=root ; COMMAND=/usr/bin/journalctl -f
feb 17 14:18:58 pindabook sudo[2313]: pam_unix(sudo:session): session opened for user root by dany(uid=1000)
^C
Hier zijn enkele specifieke journalctl opdrachten die je kunt gebruiken voor verschillende gevallen. Je kunt deze combineren met de -f optie hierboven om real-time monitoring te starten.
Toon enkel de fout (Error) berichten:
dany@pindabook:~> sudo journalctl -p 3
feb 15 17:44:55 pindabook kernel: ACPI Error: AE_BAD_PARAMETER, Returned by Handler for [EmbeddedControl] (20210730/evregion-283)
feb 15 17:44:55 pindabook kernel: ACPI Error: Aborting method \_TZ.TZ01._TMP due to previous error (AE_BAD_PARAMETER) (20210730/pspars>
feb 15 17:44:55 pindabook kernel: ACPI Error: AE_BAD_PARAMETER, Returned by Handler for [EmbeddedControl] (20210730/evregion-283)
feb 15 17:44:55 pindabook kernel: ACPI Error: Aborting method \_TZ.TZ01._TMP due to previous error (AE_BAD_PARAMETER) (20210730/pspars>
feb 15 17:44:56 pindabook kernel: thinkpad_acpi: ThinkPad ACPI EC access misbehaving, disabling thermal sensors access
feb 15 17:44:56 pindabook tlp[676]: Error: tlp.service is not enabled, power saving will not apply on boot.
feb 15 17:44:56 pindabook tlp[676]: >>> Invoke 'systemctl enable tlp.service' to correct this!
feb 15 17:44:59 pindabook kernel: Bluetooth: hci0: unexpected event for opcode 0xfc2f
De volgende codes zijn beschikbaar:
0: emergency 1: alerts 2: critical 3: errors 4: warning 5: notice 6: info 7: debug
Wanneer je de foutcode opgeeft, worden alle berichten van die code en hoger getoond. Als je bijvoorbeeld 3 opgeeft, worden alle berichten met prioriteit 3, 2, 1 en 0 getoond.
Gebruik tijd opties om perioden weer te geven:
dany@pindabook:~> sudo journalctl --since "2023-02-15 18:00:00"
feb 15 18:00:01 pindabook systemd[1]: Starting Cleanup of Temporary Directories...
feb 15 18:00:01 pindabook systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully.
feb 15 18:00:01 pindabook systemd[1]: Finished Cleanup of Temporary Directories.
feb 15 18:00:22 pindabook sudo[2348]: dany : TTY=pts/1 ; PWD=/home/dany ; USER=root ; COMMAND=/usr/bin/ls /var/log/apache2/
feb 15 18:00:22 pindabook sudo[2348]: pam_unix(sudo:session): session opened for user root by dany(uid=1000)
feb 15 18:00:22 pindabook sudo[2348]: pam_unix(sudo:session): session closed for user root
feb 15 18:00:48 pindabook kernel: sd 0:0:0:0: [sda] Synchronizing SCSI cache
feb 15 18:00:48 pindabook kernel: sd 0:0:0:0: [sda] Stopping disk
feb 15 18:00:54 pindabook kernel: ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300)
feb 15 18:00:54 pindabook kernel: ata1.00: LPM support broken, forcing max_power
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd f5/00:00:00:00:00:a0 (SECURITY FREEZE LOCK) filtered out
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd ef/10:09:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:00:54 pindabook kernel: ata1.00: supports DRM functions and may not be fully accessible
feb 15 18:00:54 pindabook kernel: ata1.00: NCQ Send/Recv Log not supported
feb 15 18:00:54 pindabook kernel: ata1.00: LPM support broken, forcing max_power
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd f5/00:00:00:00:00:a0 (SECURITY FREEZE LOCK) filtered out
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd ef/10:09:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:00:54 pindabook kernel: ata1.00: supports DRM functions and may not be fully accessible
feb 15 18:00:54 pindabook kernel: ata1.00: NCQ Send/Recv Log not supported
feb 15 18:00:54 pindabook kernel: ata1.00: configured for UDMA/133
feb 15 18:00:54 pindabook kernel: sd 0:0:0:0: [sda] Starting disk
feb 15 18:01:25 pindabook kernel: sd 0:0:0:0: [sda] Synchronizing SCSI cache
feb 15 18:01:25 pindabook kernel: sd 0:0:0:0: [sda] Stopping disk
feb 15 18:01:31 pindabook kernel: ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300)
feb 15 18:01:31 pindabook kernel: ata1.00: LPM support broken, forcing max_power
feb 15 18:01:31 pindabook kernel: ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES) succeeded
lines 1-28
Je krijgt daarbij een paginaweergave (spatie voor de volgende pagina en q om te stoppen).
dany@pindabook:~> sudo journalctl --since "2023-02-15 18:00:00" --until "2023-02-15 18:01:00"
feb 15 18:00:01 pindabook systemd[1]: Starting Cleanup of Temporary Directories...
feb 15 18:00:01 pindabook systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully.
feb 15 18:00:01 pindabook systemd[1]: Finished Cleanup of Temporary Directories.
feb 15 18:00:22 pindabook sudo[2348]: dany : TTY=pts/1 ; PWD=/home/dany ; USER=root ; COMMAND=/usr/bin/ls /var/log/apache2/
feb 15 18:00:22 pindabook sudo[2348]: pam_unix(sudo:session): session opened for user root by dany(uid=1000)
feb 15 18:00:22 pindabook sudo[2348]: pam_unix(sudo:session): session closed for user root
feb 15 18:00:48 pindabook kernel: sd 0:0:0:0: [sda] Synchronizing SCSI cache
feb 15 18:00:48 pindabook kernel: sd 0:0:0:0: [sda] Stopping disk
feb 15 18:00:54 pindabook kernel: ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300)
feb 15 18:00:54 pindabook kernel: ata1.00: LPM support broken, forcing max_power
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd f5/00:00:00:00:00:a0 (SECURITY FREEZE LOCK) filtered out
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd ef/10:09:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:00:54 pindabook kernel: ata1.00: supports DRM functions and may not be fully accessible
feb 15 18:00:54 pindabook kernel: ata1.00: NCQ Send/Recv Log not supported
feb 15 18:00:54 pindabook kernel: ata1.00: LPM support broken, forcing max_power
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd f5/00:00:00:00:00:a0 (SECURITY FREEZE LOCK) filtered out
feb 15 18:00:54 pindabook kernel: ata1.00: ACPI cmd ef/10:09:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:00:54 pindabook kernel: ata1.00: supports DRM functions and may not be fully accessible
feb 15 18:00:54 pindabook kernel: ata1.00: NCQ Send/Recv Log not supported
feb 15 18:00:54 pindabook kernel: ata1.00: configured for UDMA/133
feb 15 18:00:54 pindabook kernel: sd 0:0:0:0: [sda] Starting disk
Nog een voorbeeld:
dany@pindabook:~> sudo journalctl --since "18:32" --until "1 minute ago"
feb 15 18:32:29 pindabook kernel: sd 0:0:0:0: [sda] Synchronizing SCSI cache
feb 15 18:32:29 pindabook kernel: sd 0:0:0:0: [sda] Stopping disk
feb 15 18:32:35 pindabook kernel: ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300)
feb 15 18:32:35 pindabook kernel: ata1.00: LPM support broken, forcing max_power
feb 15 18:32:35 pindabook kernel: ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:32:35 pindabook kernel: ata1.00: ACPI cmd f5/00:00:00:00:00:a0 (SECURITY FREEZE LOCK) filtered out
feb 15 18:32:35 pindabook kernel: ata1.00: ACPI cmd ef/10:09:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:32:35 pindabook kernel: ata1.00: supports DRM functions and may not be fully accessible
feb 15 18:32:35 pindabook kernel: ata1.00: NCQ Send/Recv Log not supported
feb 15 18:32:35 pindabook kernel: ata1.00: LPM support broken, forcing max_power
feb 15 18:32:35 pindabook kernel: ata1.00: ACPI cmd ef/02:00:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:32:35 pindabook kernel: ata1.00: ACPI cmd f5/00:00:00:00:00:a0 (SECURITY FREEZE LOCK) filtered out
feb 15 18:32:35 pindabook kernel: ata1.00: ACPI cmd ef/10:09:00:00:00:a0 (SET FEATURES) succeeded
feb 15 18:32:35 pindabook kernel: ata1.00: supports DRM functions and may not be fully accessible
feb 15 18:32:35 pindabook kernel: ata1.00: NCQ Send/Recv Log not supported
feb 15 18:32:35 pindabook kernel: ata1.00: configured for UDMA/133
feb 15 18:32:35 pindabook kernel: sd 0:0:0:0: [sda] Starting disk
Ook de Linux Kernel-berichten kunnen uit de logboeken worden gehaald. Gebruik de onderstaande opdracht om de Kernel-berichten van de huidige boot te bekijken.
dany@pindabook:~> sudo journalctl -k
feb 15 17:44:51 pindabook kernel: microcode: microcode updated early to revision 0x26, date = 2019-11-12
feb 15 17:44:51 pindabook kernel: Linux version 5.14.21-150400.24.41-default (geeko@buildhost) (gcc (SUSE Linux) 7.5.0, GNU ld (GNU Bi>
feb 15 17:44:51 pindabook kernel: Command line: BOOT_IMAGE=/boot/vmlinuz-5.14.21-150400.24.41-default root=UUID=979cce38-50c8-4fe0-af6>
feb 15 17:44:51 pindabook kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
feb 15 17:44:51 pindabook kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
feb 15 17:44:51 pindabook kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
feb 15 17:44:51 pindabook kernel: x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
feb 15 17:44:51 pindabook kernel: x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
feb 15 17:44:51 pindabook kernel: signal: max sigframe size: 1776
feb 15 17:44:51 pindabook kernel: BIOS-provided physical RAM map:
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x0000000000000000-0x0000000000057fff] usable
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x0000000000058000-0x0000000000058fff] reserved
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x0000000000059000-0x000000000008bfff] usable
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x000000000008c000-0x00000000000bffff] reserved
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x00000000000e0000-0x00000000000fffff] reserved
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000cc455fff] usable
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x00000000cc456000-0x00000000cc657fff] reserved
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x00000000cc658000-0x00000000db342fff] usable
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x00000000db343000-0x00000000dce23fff] reserved
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x00000000dce24000-0x00000000dcf7efff] ACPI NVS
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x00000000dcf7f000-0x00000000dcffefff] ACPI data
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x00000000dcfff000-0x00000000dcffffff] usable
feb 15 17:44:51 pindabook kernel: BIOS-e820: [mem 0x00000000dd000000-0x00000000df9fffff] reserved
lines 1-23
Je kunt de logs van een specifiek systemd onderdeel (service) uit de journald-logs filteren. Om bijvoorbeeld de logs van de NetworkManager service uit te zoeken, gebruik je de onderstaande opdracht.
dany@pindabook:~>sudo journalctl -u NetworkManager.servicefeb 15 17:44:57 pindabook systemd[1]: Starting Network Manager... feb 15 17:44:57 pindabook NetworkManager[1045]:[1676479497.4550] NetworkManager (version 1.32.12) is starting... (for the fir> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.4550] Read config: /etc/NetworkManager/NetworkManager.conf feb 15 17:44:57 pindabook systemd[1]: Started Network Manager. feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.4598] bus-manager: acquired D-Bus service "org.freedesktop.Network> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.4649] manager[0x558e0839e000]: monitoring kernel firmware director> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6116] hostname: hostname: using hostnamed feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6116] hostname: hostname changed from (none) to "pindabook" feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6121] dns-mgr[0x558e08386220]: init: dns=default,systemd-resolved > feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6130] rfkill1: found Wi-Fi radio killswitch (at /sys/devices/pci00> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6133] manager[0x558e0839e000]: rfkill: Wi-Fi hardware radio set en> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6134] manager[0x558e0839e000]: rfkill: WWAN hardware radio set ena> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6293] Loaded device plugin: NMWwanFactory (/usr/lib64/NetworkManag> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6319] Loaded device plugin: NMBluezManager (/usr/lib64/NetworkMana> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6351] Loaded device plugin: NMTeamFactory (/usr/lib64/NetworkManag> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6379] Loaded device plugin: NMWifiFactory (/usr/lib64/NetworkManag> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6413] Loaded device plugin: NMAtmManager (/usr/lib64/NetworkManage> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6422] Loaded device plugin: NMOvsFactory (/usr/lib64/NetworkManage> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6427] manager: rfkill: Wi-Fi enabled by radio killswitch; enabled > feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6428] manager: rfkill: WWAN enabled by radio killswitch; enabled b> feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6429] manager: Networking is enabled by state file feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6431] dhcp-init: Using DHCP client 'dhclient' feb 15 17:44:57 pindabook NetworkManager[1045]: [1676479497.6436] settings: Loaded settings plugin: keyfile (internal) lines 1-23
Als je de naam van de service niet weet, kun je de onderstaande opdracht gebruiken om de systemd services in jouw systeem op te sommen.
dany@pindabook:~> systemctl list-units --type=service
UNIT LOAD ACTIVE SUB DESCRIPTION >
alsa-restore.service loaded active exited Save/Restore Sound C>
apache2.service loaded active running The Apache Webserver
apparmor.service loaded active exited Load AppArmor profil>
auditd.service loaded active running Security Auditing Se>
augenrules.service loaded active exited auditd rules generat>
avahi-daemon.service loaded active running Avahi mDNS/DNS-SD St>
bluetooth.service loaded active running Bluetooth service
boot-sysctl.service loaded active exited Apply Kernel Variabl>
chronyd.service loaded active running NTP client/server
cron.service loaded active running Command Scheduler
cups.service loaded active running CUPS Scheduler
dbus.service loaded active running D-Bus System Message>
detect-part-label-duplicates.service loaded active exited Detect if the system>
display-manager.service loaded active running X Display Manager
dracut-shutdown.service loaded active exited Restore /run/initram>
firewalld.service loaded active running firewalld - dynamic >
getty@tty1.service loaded active running Getty on tty1
haveged.service loaded active running Entropy Daemon based>
iio-sensor-proxy.service loaded active running IIO Sensor Proxy ser>
irqbalance.service loaded active running irqbalance daemon
kbdsettings.service loaded active exited Apply settings from >
klog.service loaded active exited Early Kernel Boot Me>
lines 1-23
Als je serverlogs analyseert, zijn de volgende opdrachten nuttig wanneer meerdere gebruikers zijn ingelogd. Je kunt eerst het id van de gebruiker achterhalen met de id opdracht uit de gebruikersnaam. Bijvoorbeeld, om het id van gebruiker "dany" te achterhalen:
dany@pindabook:~> id -u dany
1000
Gebruik dan dat ID met de _UID-optie om de logs te bekijken die door de gebruiker zijn gegenereerd.
dany@pindabook:~> sudo journalctl _UID=1000 --since today
feb 15 17:45:00 pindabook systemd[1499]: Queued start job for default target Main User Target.
feb 15 17:45:00 pindabook systemd[1499]: Created slice User Application Slice.
feb 15 17:45:00 pindabook systemd[1499]: Started Daily Cleanup of User's Temporary Directories.
feb 15 17:45:00 pindabook systemd[1499]: Reached target Paths.
feb 15 17:45:00 pindabook systemd[1499]: Reached target Timers.
feb 15 17:45:00 pindabook systemd[1499]: Starting D-Bus User Message Bus Socket...
feb 15 17:45:00 pindabook systemd[1499]: Listening on PipeWire Multimedia System Socket.
feb 15 17:45:00 pindabook systemd[1499]: Listening on Sound System.
feb 15 17:45:00 pindabook systemd[1499]: Starting Create User's Volatile Files and Directories...
feb 15 17:45:00 pindabook systemd[1499]: Finished Create User's Volatile Files and Directories.
feb 15 17:45:00 pindabook systemd[1499]: Listening on D-Bus User Message Bus Socket.
feb 15 17:45:00 pindabook systemd[1499]: Reached target Sockets.
feb 15 17:45:00 pindabook systemd[1499]: Reached target Basic System.
feb 15 17:45:00 pindabook systemd[1499]: Reached target Main User Target.
feb 15 17:45:00 pindabook systemd[1499]: Startup finished in 160ms.
feb 15 17:45:00 pindabook sddm-helper[1508]: Adding cookie to "/run/user/1000/xauth_bDMFzi"
feb 15 17:45:00 pindabook systemd[1499]: Started D-Bus User Message Bus.
feb 15 17:45:00 pindabook systemd[1499]: Reloading.
feb 15 17:45:01 pindabook klauncher[1569]: Connecting to deprecated signal QDBusConnectionInterface::serviceOwnerChanged(QString,QStri>
feb 15 17:45:01 pindabook kcminit_startup[1573]: Initializing "/usr/lib64/qt5/plugins/plasma/kcms/systemsettings/kcm_mouse.so"
feb 15 17:45:01 pindabook kcminit_startup[1573]: Initializing "/usr/lib64/qt5/plugins/plasma/kcms/systemsettings/kcm_style.so"
feb 15 17:45:01 pindabook kcminit_startup[1573]: QDBusConnection: error: could not send signal to service "" path "//home/dany/.kde4/s>
feb 15 17:45:01 pindabook kcminit_startup[1573]: Initializing "/usr/lib64/qt5/plugins/plasma/kcms/systemsettings/kcm_fonts.so"
lines 1-23
Opruimen
Je kunt het lnav pakket volledig van de computer verwijderen met de opdracht:
dany@pindabook:~> sudo zypper remove -u lnav
[sudo] wachtwoord voor root:
Lezen van geïnstalleerde pakketten...
Pakketafhankelijkheden oplossen...
De volgende 2 pakketten zullen worden VERWIJDERD:
libpcrecpp0 lnav
2 te verwijderen pakketten.
Na de bewerking zal 2,7 MiB worden vrijgemaakt.
Doorgaan? [j/n/v/...? alle opties tonen] (j):
(1/2) Verwijderen van lnav-0.8.5-bp154.1.38.x86_64 ............................................................................[gereed]
(2/2) Verwijderen van libpcrecpp0-8.45-150000.20.13.1.x86_64 ..................................................................[gereed]